AUTHZ_FAIL Audit Event

Overview

The AUTHZ_FAIL audit event is generated when authorization has failed.

Properties:

• Outcome must be Failure for this event

• aclResource must be the ACL resource ID as defined in ACL resource list

• Op must be one of the operations as defined with the ACL statement, e.g. read for an ACL statement containing (read,write)

Note: In PKI 10.5 this event is renamed to AUTHZ.

Examples

Execute the following command:

$ pki -n caadmin ca-audit-file-find

The server will generate the following logs:

[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=10.34.78.30][ServerIP=10.
34.78.30][SubjectID=CN=PKI Administrator,[email protected],OU=pki-tomcat,O=E
XAMPLE][Outcome=Success] access session establish success
[AuditEvent=AUTH_SUCCESS][SubjectID=caadmin][Outcome=Success][AuthMgr=certUserDB
AuthMgr] authentication success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=caadmin][Outcome=Success][aclResource=certS
erver.ca.account][Op=login][Info=AccountResource.login] authorization success
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.34.78.30][ServerIP=10.34.78.3
0][SubjectID=CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE]
[Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=10.34.78.30][ServerIP=10.
34.78.30][SubjectID=CN=PKI Administrator,[email protected],OU=pki-tomcat,O=E
XAMPLE][Outcome=Success] access session establish success
[AuditEvent=AUTHZ_FAIL][SubjectID=caadmin][Outcome=Failure][aclResource=certServ
er.log.content.signedAudit][Op=read][Info=Authorization Error] authorization fai
lure
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.34.78.30][ServerIP=10.34.78.3
0][SubjectID=CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE]
[Outcome=Success][Info=CLOSE_NOTIFY] access session terminated